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REMARKS 

Please reconsider the application in view of the above amendments and the 
following remarks. 

Disposition of Claims 

Claims 1, 5-8, 10, 14-17, and 25-33 are pending in this application. Claims 1, 10, 
and 22 are independent. The remaining claims depend, directly or indirectly, from claims 
1 and 10. 

Objection(s) 

The specification was objected to for failing to properly cite U.S. Patent 
Application Serial Nos. 09/039,197 and 09/042,338. The specification has been amended 
in accordance with the Examiner's suggestions. According, withdrawal of this objection 
is respectfully requested. 

Rejection(s) under 35 U.S.C § 112 

Claims 5, 28, and 33 stand rejected under 35 U.S.C. § 1 12 as indefinite. Claims 5 
and 28 have been amended in this reply to clarify the present invention recited in view of 
this rejection. Further, claim 33 has been cancelled by the reply. Accordingly, 
withdrawal of this rejection is respectfully requested. 
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Rejection(s) under 35 U.S.C § 103 

Claims 1, 5-8, 10, 14-17, 22, and 25-33 stand rejected under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent No. 5,898,830 ("Wesinger"). Claim 22 has been 
cancelled by this reply. Thus, the rejection is moot with respect to cancelled claim 22. 
This rejection is respectfully traversed with respect to the remaining pending claims. 

The present invention as claimed relates to the creation of logical broadcast 
domains within a computer network that serves to limit access of particular clients to 
particular network services. Initially, a network client (14) is associated with a physical 
group of computers. The connection device through which the client computer connects 
to the computer network may define a physical group. Thus, for example, all client 
computers within the network associated with customer (14) may define a physical group 
as they all connected to the computer network through frame relay (32). Each client 
computer may then be associated with one or more logical broadcast domains within the 
computer network. Each logical broadcast domain defines the access privileges for all 
members within the broadcast domain. The logical broadcast domains are implemented 
using a static route policy. 

In contrast, Wesinger is directed towards standard firewall technologies, which 
are used to prevent unauthorized users from accessing a computer network (see e.g., 
Wesinger, col. 3, 11. 49-60). Wesinger focuses on preventing unauthorized users from 
accessing a network by requiring that "all traffic between the two networks must pass 
through a single point of controlled access." (Wesigner, col. 6, 11. 63-65) While the 
aforementioned solution is designed to effectively prevent unauthorized users from 
gaining access to a computer network, it is not designed to be used to limit access of an 
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authorized user once the user has gained access to the computer network. Further, 
Wesinger does not teach or suggest using firewall technology to restrict user access once 
an authorized user has entered the computer network. While Wesinger discloses using 
an internal router to insulate the internal network from the perimeter network, that is not 
analogous to the present invention as claimed. Wesinger' s discussion of adding 
additional layers of protection, i.e., firewalls, only serve to prevent unauthorized users 
from entering the internal network and not restricting user access of an authorized user 
once the user has entered the internal network. 

Further, the present invention as claimed uses a single static route policy, 
implemented across at least two routers to create and manage the logical broadcast 
domains. In contrast, Wesinger only discloses firewall techniques that are implemented 
using dynamic filtering and routing. Further, Applicant respectfully asserts that the 
Examiner's assertion that "static tables containing policy entries" are analogous to a 
"single static routing policy" is incorrect. Specifically, the static tables disclosed in 
Wesinger correspond to DNS/DDNS mappings (see Wesinger, col. 10, 11. 59-65), while 
the static routing policy recited in the claims corresponds to a static routing table 
containing entries which define criteria that is used to grant or deny access to a particular 
logical broadcast domain (see, e.g., Instant Specification, p. 7, 11. 22-29, and p.8, 11. 15- 
27). Moreover, the use of the single static route policy is counter-intuitive to the 
approach used in most routing schemes, including the scheme implemented in Wesinger. 

In view of the above, claim 1 is patentable over Wesinger. Independent claims 10 
and 19 include the same patentable subject matter and thus, are patentable for at least the 
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same reasons as claim 1. Further, dependent claims are also patentable for at least the 
same reasons. 

Claims 1, 5-8, 10, 14-17, 22, and 25-33 stand rejected under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent No. 5,898,830 ("Wesinger") in view of "Network 
Firewall" by Steven M. Bellovin ("Bellovin"). Claim 22 has been cancelled by this 
reply. Thus, the rejection is moot with respect to cancelled claim 22. This rejection is 
respectfully traversed with respect to the remaining pending claims. 

From the proceeding discussion, it is clear that Wesinger does not teach or 
suggest the invention recited in the claims. Further, Bellovin does not teach that which 
Wesinger lacks. Specifically, Bellovin provides a discussion of general firewall 
technology. However, Bellovin, like Wesinger, focuses on preventing unauthorized users 
from accessing a network. However, Bellovin does not teach or suggest firewall 
technology which is designed to be used to limit access of an authorized user once the 
user has gained access to the computer network. Further, while Bellovin discloses using- 
an internal router to insulate the internal network from the perimeter network, that is not 
analogous to the present invention as claimed. Bellovin' s discussion of adding additional 
layers of protection, i.e., firewalls, only serve to prevent unauthorized users from entering 
the internal network and not restricting user access of an authorized user once the user 
has entered the internal network. Further, Bellovin does not teach or suggest a static 
route table as recited in the claims. 

In view of the above, claim 1 is patentable over Wesinger in view of Bellovin. 
Independent claims 10 and 19 include the same patentable subject matter and thus, are 
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patentable for at least the same reasons as claim 1 . Further, dependent claims are also 

patentable for at least the same reasons. 

Conclusion 

Applicant believes this reply is fully responsive to all outstanding issues and 
places this application in condition for allowance. If this belief is incorrect, or other 
issues arise, the Examiner is encouraged to contact the undersigned or his associates at 
the telephone number listed below. Please apply any charges not covered, or any credits, 
to Deposit Account 50-0591 (Reference Number 09469.002002). 

Date: 



71688_2 



Respectfully submitted, 




Jonathan P. Osha, Reg. No. 33,986 
OSHA & MAY L.L.P. 
One Houston Center, Suite 2800 
1221 McKinney Street 
Houston, TX 77010 
Telephone: (713) 228-8600 
Facsimile: (713)228-8778 
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